107 | Colorado Privacy Act
(b) “Sale”, “Sell”, or “Sold” does not include the following:
(I) the disclosure of personal data to a processor that processes the personal data on behalf of a controller;
(II)   the disclosure of personal data to a third party for purposes of providing a product or service requested by the
consumer;
(III) the disclosure or transfer of personal data to an affiliate of the controller;
(IV)  the disclosure or transfer to a third party of personal data as an asset that is part of a proposed or actual
merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the
controller’s assets; or
(V) the disclosure of personal data:
(A)  that a consumer directs the controller to disclose or intentionally discloses by using the controller to interact
with a third party; or
(B) intentionally made available by a consumer to the general public via a channel of mass media.
(24) “Sensitive Data” means:
(a)  personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex
life or sexual orientation, or citizenship or citizenship status;
(b) genetic or biometric data that may be processed for the purpose of uniquely identifying an individual; or
(c) personal data from a known child.
(25) “Targeted Advertising”:
(a)  means displaying to a consumer an advertisement that is selected based on personal data obtained or inferred over
time from the consumer’s activities across nonaffiliated websites, applications, or online services to predict consumer
references or interests; and
(b) does not include:
(I) advertising to a consumer in response to the consumer’s request for information or feedback;
(II) advertisements based on activities within a controller’s own websites or online applications;
(III)  advertisements based on the context of a consumer’s current search query, visit to a website, or online application;
or page 8-senate bill 21-190
(IV) processing personal data solely for measuring or reporting advertising performance, reach, or frequency.
(26)  “Third Party” means a person, public authority, agency, or body other than a consumer, controller, processor, or affiliate
of the processor or the controller.